[El-errata] ELSA-2025-3210 Important: Oracle Linux 8 container-tools:ol8 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Apr 4 11:13:31 UTC 2025
Oracle Linux Security Advisory ELSA-2025-3210
http://linux.oracle.com/errata/ELSA-2025-3210.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm
aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//criu-3.18-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.src.rpm
Related CVEs:
CVE-2025-22869
Description of changes:
aardvark-dns
buildah
cockpit-podman
conmon
containernetworking-plugins
containers-common
[1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
[2:1-82]
- update vendored components
- Resolves: RHEL-40801
[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
[2:1-59]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-58]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-57]
- fix shortnames for rhel-minimal
- Related: Jira:RHEL-2110
[2:1-56]
- implement GPG auto updating mechanism from redhat-release
- Resolves: #RHEL-2110
[2:1-55]
- update GPG keys to the current content of redhat-release
- Resolves: #RHEL-3164
[2:1-54]
- update vendored components and shortnames
- Related: #2176055
[2:1-53]
- update vendored components
- Related: #2176055
[2:1-52]
- update vendored components
- Related: #2176055
[2:1-51]
- be sure default_capabilities contain SYS_CHROOT
- Resolves: #2166195
[2:1-50]
- improve shortnames generation
- Related: #2176055
[2:1-49]
- update vendored components and configuration files
- Related: #2123641
[2:1-48]
- update vendored components and configuration files
- Related: #2123641
[2:1-47]
- enable NET_RAW capability for RHEL8 only
- Related: #2123641
[2:1-46]
- update vendored components and configuration files
- Related: #2123641
[2:1-45]
- update vendored components and configuration files
- Related: #2123641
[2:1-44]
- update vendored components and configuration files
- Related: #2123641
[2:1-43]
- update vendored components and configuration files
- Related: #2123641
[2:1-42]
- update vendored components and configuration files
- Related: #2123641
[2:1-41]
- add beta GPG key
- Related: #2123641
[2:1-40]
- add beta keys to default-policy.json
- Related: #2061390
[2:1-39]
- update shortnames
- Related: #2061390
[2:1-38]
- arch limitation because of go-md2man (missing on i686)
- Related: #2061390
[2:1-37]
- add install section
- update vendored components
- Related: #2061390
[2:1-36]
- remove aardvark-dns and netavark - packaged separately
- update vendored components and configuration files
- Related: #2061390
[2:1-35]
- update vendored components and configuration files
- Related: #2061390
[2:1-34]
- remove rhel-els and update shortnames
- Related: #2061390
[2:1-33]
- update shortnames
- Related: #2061390
[2:1-32]
- additional fix for unqualified registries
- Related: #2061390
[2:1-31]
- fix unqualified registries
- Related: #2061390
[2:1-30]
- update vendored components and configuration files
- Related: #2061390
[2:1-29]
- update unqualified registries list
- Related: #2061390
[2:1-28]
- update aardvark-dns and netavark to 1.0.3
- update vendored components
- Related: #2061390
[2:1-27]
- add man page sources too
- Related: #2061390
[2:1-26]
- add missing man pages from Fedora
- Related: #2061390
[2:1-25]
- allow consuming aardvark-dns and netavark from upstream branch
- Related: #2061390
[2:1-24]
- update to netavark and aardvark-dns 1.0.2
- update vendored components
- Related: #2061390
[2:1-23]
- update to netavark and aardvark-dns 1.0.1
- Related: #2001445
[2:1-22]
- build rust packages with RUSTFLAGS set to make ExecShield happy
- Related: #2001445
[2:1-21]
- do not specify infra_image in containers.conf
- needed to resolve gating test failures
- Related: #2001445
[2:1-20]
- update to netavark-1.0.0 and aardvark-dns-1.0.0
- Related: #2001445
[2:1-19]
- package aarvark-dns and netavark as part of the containers-common
- Related: #2001445
[2:1-18]
- update shortnames and vendored components
- Related: #2001445
[2:1-17]
- containers.conf should contain network_backend = "cni" in RHEL8.6
- Related: #2001445
[2:1-16]
- update vendored components and configuration files
- Related: #2001445
[2:1-15]
- sync vendored components
- Related: #2001445
[2:1-14]
- sync vendored components
- Related: #2001445
[2:1-13]
- update shortnames from Pyxis
- Related: #2001445
[2:1-12]
- do not allow broken content from Pyxis to land in shortnames.conf
- Related: #2001445
[2:1-11]
- sync vendored components
- update shortnames from Pyxis
- Related: #2001445
[2:1-10]
- use log_driver = "journald" and events_logger = "journald" for RHEL9
- Related: #2001445
[2:1-9]
- consume seccomp.json from the oldest vendored version of c/common,
not main branch
- Related: #2001445
[2:1-8]
- update vendored components
- Related: #2001445
[2:1-7]
- make log_driver = "k8s-file" default in containers.conf
- Related: #2001445
[2:1-6]
- sync vendored components
- Related: #2001445
[2:1-5]
- update to the new vendored components
- Related: #2001445
[2:1-4]
- update to the new vendored components
- Related: #2001445
[2:1-3]
- update to the new vendored components
- Related: #2001445
[2:1-2]
- synchronize config files for RHEL-8.5
- Related: #1934415
[2:1-1]
- initial import
- Related: #1934415
container-selinux
criu
crun
fuse-overlayfs
libslirp
netavark
oci-seccomp-bpf-hook
podman
[4.9.4-20.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
[4:4.9.4-20]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
(https://github.com/containers/podman/commit/0e11f82)
- fixes "CVE-2025-22869 container-tools:rhel8/podman: Potential denial of service in golang.org/x/crypto [rhel-8.10.z]"
- Resolves: RHEL-81299
python-podman
runc
skopeo
slirp4netns
udica
More information about the El-errata
mailing list